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We investigate classes of systems based on different interaction patterns with the aim of achieving 
distributability. As our system model we use Petri nets. In Petri nets, an inherent concept of simul- 
taneity is built in, since when a transition has more than one preplace, it can be crucial that tokens 
are removed instantaneously. When modelling a system which is intended to be implemented in a 
distributed way by a Petri net, this built-in concept of synchronous interaction may be problematic. 
To investigate the problem we assume that removing tokens from places can no longer be considered 
as instantaneous. We model this by inserting silent (unobservable) transitions between transitions 
and their preplaces. We investigate three different patterns for modelling this type of asynchronous 
interaction. Full asynchrony assumes that every removal of a token from a place is time consuming. 
For symmetric asynchrony, tokens are only removed slowly in case of backward branched transi- 
tions, hence where the concept of simultaneous removal actually occurs. Finally we consider a more 
intricate pattern by allowing to remove tokens from preplaces of backward branched transitions asyn- 
chronously in sequence {asymmetric asynchrony). 

We investigate the effect of these different transformations of instantaneous interaction into asyn- 
chronous interaction patterns by comparing the behaviours of nets before and after insertion of the 
silent transitions. We exhibit for which classes of Petri nets we obtain equivalent behaviour with 
respect to failures equivalence. 

It turns out that the resulting hierarchy of Petri net classes can be described by semi-structural 
properties. In case of full asynchrony and symmetric asynchrony, we obtain precise characterisations; 
for asymmetric asynchrony we obtain lower and upper bounds. 

We briefly comment on possible applications of our results to Message Sequence Charts. 



1 Introduction 



In this paper, we investigate classes of systems based on different asynchronous interaction patterns with 
the aim of achieving distributability, i.e. the possibility to execute a system on spatially distributed loca- 
tions, which do not share a common clock. As our system model we use Petri nets. The main reason for 
this choice is the detailed way in which a Petri net represents a concurrent system, including the inter- 
action between the components it may consist of. In an interleaving based model of concurrency such 
as labelled transition systems modulo bisimulation semantics, a system representation as such cannot 
be said to display synchronous or asynchronous interaction; at best these are properties of composition 
operators, or communication primitives, defined in terms of such a model. A Petri net on the other hand 
displays enough detail of a concurrent system to make the presence of synchronous communication dis- 
cernible. This makes it possible to study asynchronous communication without digressing to the realm 
of composition operators. 

This paper was partially written during a four month stay of J.-W. Schicke at NICTA, during which he was supported by 
DAAD (Deutscher Akademischer Austauschdienst) and NICTA. 
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Figure 1 : Transformation to the symmetrically asynchronous implementation 



In a Petri net, a transition interacts with its preplaces by consuming tokens. An inherent concept of si- 
multaneity is built in, since when a transition has more than one preplace, it can be crucial that tokens are 
removed instantaneously, depending on the surrounding structure or — more elaborately — the behaviour 
of the net. 

When modelling a distributed system by a Petri net, this built-in concept of synchronous interaction may 
become problematic. Assume a transition tona location I models an activity involving another location 
I', for example by receiving a message. This can be modelled by a preplace s of t such that s and t 
are situated in different locations. We assume that taking a token can in this situation not be considered 
as instantaneous; rather the interaction between s and t takes time. We model this effect by inserting 
silent (unobservable) transitions between transitions and their preplaces. We call the effect of such a 
transformation of a net N an asynchronous implementation of N. 

An example of such an implementation is shown in Figure [TJ Note that a can be disabled in the im- 
plementation before any visible behaviour has taken place. This difference will cause non-equivalence 
between the original and the implementation under branching time equivalences. 

Our asynchronous implementation allows a token to start its journey from a place to a transition even 
when not all preplaces of the transition contain a token. This design decision is motivated by the obser- 
vation that it is fundamentally impossible to check in an asynchronous way whether all preplaces of a 
transition are marked — it could be that a token moves back and forth between two such places. 

We investigate different interaction patterns for the asynchronous implementation of nets. The simplest 
pattern (full asynchrony) assumes that every removal of a token from a place is time consuming. For 
the next pattern (symmetric asynchrony), tokens are only removed slowly when they are consumed by a 
backward branched transition, hence where the concept of simultaneous removal actually occurs. Finally 
we consider a more intricate pattern by allowing to remove tokens from preplaces of backward branched 
transitions asynchronously in sequence (asymmetric asynchrony). 

Given a choice of interaction pattern, we call a net N asynchronous when there is no essential be- 
havioural difference between N and its asynchronous implementation I(N). In order to formally define 
this concept, we wish to compare the behaviours of N and I(N) using a semantic equivalence that fully 
preserves branching time, causality and their interplay, whilst of course abstracting from silent transi- 
tions. By choosing the most discriminating equivalence possible, we obtain the smallest possible class 
of asynchronous nets, thus excluding nets that might be classified as asynchronous merely because a less 
discriminating equivalence would fail to see the differences between such a net and its asynchronous 
implementation. To simplify the exposition, here we merely compare the behaviours of N and I(N) up 
to failures equivalence 0. This interleaving equivalence abstracts from causality and respects branching 
time only to some degree. However, we conjecture that our results are in fact largely independent of this 
choice and that more discriminating equivalences, such as the history preserving ST-bisimulation of [20], 
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would yield the same classes of asynchronous nets. Using a linear time equivalence would give rise to 
larger classes; this possibility is investigated in |fl8ll . 

Thus we investigate the effect of our three transformations of instantaneous interaction into asynchronous 
interaction patterns by comparing the behaviours of nets before and after insertion of the silent transitions 
up to failures equivalence. We show that in the case of full asynchrony, we obtain equivalent behaviour 
exactly for conflict-free Petri nets. Further we establish that symmetric asynchrony is a valid concept 
for N-free Petri nets and asymmetric asynchrony for M-free Petri nets, where N and M stand for certain 
structural properties; the reachability of such structures is crucial. For symmetric asynchrony we obtain 
a precise characterisation of the class of nets which is asynchronously implementable. For asymmetric 
asynchrony we obtain lower and upper bounds. 

In the concluding section, we discuss the use of our results for Message Sequence Charts, as an example 
how they may be useful for other models than Petri nets. When interpreting basic Message Sequence 
Chart as Petri nets, the resulting Petri nets lie within the class of conflict-free and hence N-free Petri nets. 
The more expressive classes give insights in the effect of choices in non-basic MSCs. 

The paper is structured as follows. In Section [2] we establish the necessary basic notions. In Section 
[3] we introduce the fully asynchronous transformation and give a semi-structural characterisation of the 
resulting net class. In Section|4]we repeat those steps for the symmetrically asynchronous transformation. 
Furthermore we describe how the resulting net class relates to the classes of free-choice and extended 
free choice nets. In Section [5] we introduce the asymmetrically asynchronous transformation. We give 
semi-structural upper and lower bounds for the resulting net class and relate it to simple and extended 
simple nets. In the conclusion in Section [6] we compare our findings to similar results in the literature. 

An extended abstract of this paper will be presented at the first Interaction and Concurrency Experience 
(ICE'08) on Synchronous and Asynchronous Interactions in Concurrent Distributed Systems, and will 
appear in Electronic Notes in Theoretical Computer Science, Elsevier. 

2 Basic Notions 

We consider here 1-safe net systems, i.e. places never carry more than one token, but a transition can 
fire even if pre- and postset intersect. To represent unobservable behaviour, which we use to model 
asynchrony, the set of transitions is partitioned into observable and silent (unobservable) ones. 

Definition 2.1 

A net with silent transitions is a tuple N = (S,0,U, F, Mq) where 

- S is a set (of places), 

- O is a set (of observable transitions), 

- U is a set (of silent transitions), 

- F C S xTUT x S (the flow relation) with T := O U U (transitions) and 

- Mq C S (the initial marking). 

Petri nets are depicted by drawing the places as circles, the transitions as boxes, and the flow relation 
as arrows (arcs) between them. When a Petri net represents a concurrent system, a global state of such 
a system is given as a marking, a set of places, the initial state being Mq. A marking is depicted by 



4 



Symmetric and Asymmetric Asynchronous Interaction 



placing a dot (token) in each of its places. The dynamic behaviour of the represented system is defined 
by describing the possible moves between markings. A marking M may evolve into a marking M' when 
a nonempty set of transitions G fires. In that case, for each arc (s, t) G F leading to a transition t in G, a 
token moves along that arc from s to t. Naturally, this can happen only if all these tokens are available in 
M in the first place. These tokens are consumed by the firing, but also new tokens are created, namely 
one for every outgoing arc of a transition in G. These end up in the places at the end of those arcs. A 
problem occurs when as a result of firing G multiple tokens end up in the same place. In that case M' 
would not be a marking as defined above. In this paper we restrict attention to nets in which this never 
happens. Such nets are called 1-safe. Unfortunately, in order to formally define this class of nets, we 
first need to correctly define the firing rule without assuming 1 -safety. Below we do this by forbidding 
the firing of sets of transitions when this might put multiple tokens in the same place. 



Definition 2.2 Let N = (S, O, U, F, M ) be a net. Let M x , M 2 C S. 

We denote the preset and postset of a net element x by 'x := {y \ (y, x) G F} and x' := {y | 
(x, y) G F} respectively. A nonempty set of transitions G C (OU!7),G ^ 0, is called a step 
from Mi to M 2 , notation Mi [G) n M 2 , iff 

- all transitions contained in G are enabled, that is 

V* G G. *t C Mi A (M 1 \ *t) n f = , 

- all transitions of G are independent, that is not conflicting: 

vt,u g G,t / u.*tn*u = At' n u* = , 

- in M 2 all tokens have been removed from the preplaces of G and new tokens have been 
inserted at the postplaces of G: 



M 2 = (Mi\(J-t) U J*" 

V teG / teG 



To simplify statements about possible behaviours of nets, we use some abbreviations. 

Definition 2.3 Let N = (S, O, U, F, M ) be a net with silent transitions. 

>n Q y{S) x 7{0) x 7{S) is defined by M x M 2 ^ G QO A M 1 [G) N M 2 

- C T(S) x is defined by Mi ^ N M 2 & 3t G U. M 1 [{t}) N M 2 

- ^ N c T(S) x O* x 3>(S) is defined by Mi tlt2 "' tn > N M 2 

„, r * {tl} r * {<2} r * r * {<n} r * , . 
Mi > N >n >N y N >N ' ' ' y N y N >N M 2 

T 



where — > N denotes the reflexive and transitive closure of — 

Q 

vrite Mi — ► n foi 
the other two relations. 



We write Mi -^U N for 3M 2 . Mi M 2 , Mi for $M 2 . Mi M 2 and similar for 



A marking Mi is said to be reachable iff there is a a G O* such that Mo ==> Mi . The set of all 
reachable markings is denoted by [Mo) n- 
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We omit the subscript N if clear from context. 

As said before, here we only want to consider 1-safe nets. Formally, we restrict ourselves to contact-free 
nets where in every reachable marking M\ G [Mo) for alH G O U U with 't Q Ml 

(Mi \'t)nf = . 

For such nets, in Definition 12. 21 we can just as well consider a transition t to be enabled in M iff *t C M, 
and two transitions to be independent when 't D °u = 0. In this paper we furthermore restrict attention 
to nets for which *t ^ 0, and *t and t* are finite for alH G O U U. We also require the initial marking 
Mq to be finite. A consequence of these restrictions is that all reachable markings are finite, and it can 
never happen that infinitely many independent transitions are enabled. Henceforth, we employ the name 
r-nets for nets with silent transitions obeying the above restrictions, and plain nets for r-nets without 
silent transitions, i.e. with [7 = 0. 

Plain nets have the nice property of being deterministic, i.e. the marking obtained after firing a sequence 
of transitions is uniquely determined by the sequence of transitions fired. 

Lemma 2.1 Let N = (S, O, 0, F, M ) be a plain net, a G O* and M C S. 
If M Mi AM M 2 then Ml = M 2 . 

Proof Let t € O, a G O* and M' C S. 

Then M Af' O M M' and M ^ M' implies M' = (M \ *t) U f. 
Hence M Mi A M M 2 implies Mi = M 2 . 

The result follows for a trace cr by induction on the length of a. □ 

Our nets with silent transitions can be regarded as special labelled nets, defined as in Definition 12. II but 
without the split of T into O and U, and instead equipped with a labelling function £ : T — > ^4c£ U {r}, 
where Ac? is a set of visible actions and r G" Aci an invisible one. Nets with silent transitions correspond 
to labelled nets in which no two different transitions are labelled by the same visible actions, which can 
be formalised by taking £(t) = t for t G O and £(t) = r for t G U. 

To describe which nets are "asynchronous", we will compare their behaviour to that of their asynchronous 
implementations using a suitable equivalence relation. As explained in the introduction, we consider here 
branching time semantics. Technically, we use failures equivalence, as defined below. 

Definition 2.4 Let N = (S, O, U, F, M ) be a r-net, a G O* and X C O. 

<a, X> is a. failure pair of iV iff 

3Mi. Mo ==> Mi A Mi -A AVt G X. Mi . 
We define &[N) := { <<r, X> | <a, X> is a failure pair of N}. 
Two r-nets N and X' are failures equivalent, N N', iff &(N) = &(N'). 

A r-net N = (S,0,U, F, Mo) is called divergence free iff there are no infinite chains of markings 
Mi M 2 • • ■ with Mi G [M ). 
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3 Full Asynchrony 

As explained in the introduction, we will examine in this paper different possible assumptions of how 
asynchronous interaction between transitions and their preplaces takes place. In this section, we start 
with the simple and intuitive assumption that the removal of any token by a transition takes time. This is 
implemented by inserting silent transitions between visible ones and their preplaces. 



Definition 3.1 Let N = (S, 0, 0, F, M ) be a plain net. 

The fully asynchronous implementation of N is defined as the net 
FI(N) := {S U S T , O, U', F', M ) with 

S T ■= { St \teO,se*t}, 
U' := {t s \t G 0,s G *t} and 

F' := (F n (O x S)) U {(s, t a ), {t„s t ), (s t ,t) \ t€0,s€*t}. 



For better readability we will use the abbreviations °x := {y | (y, x) G F'} and x° := {y \ (x, y) G F'} 
instead of *x or x* when making assertions about the flow relation of an implementation. 

The following lemma shows how the fully asynchronous implementation of a plain net N simulates the 
behaviour of N. 

Lemma 3.1 Let N = (S, O, 0, F, M ) be a plain net, G C O, a G O* and Mi,M 2 Q S. 

1. If Mi M 2 then M x ^f/(tv)^f/(jv) M 2 . 

2. If Mi M 2 then M x ^> F/(Ar) M 2 . 

Proof Assume Mi — >n M 2 . Then, by construction of FI(N), 

M 1 [{t s \t€G,s€ 't}) FI(N) [{t\t€ G}) FI{N) M 2 . 
The first part of that execution can be split into a sequence of singletons. 

The second statement follows by a straightforward induction on the length of a. □ 



This lemma uses the fact that any marking of N is also a marking on FI(N). The reverse does not 
hold, so in order to describe the degree to which the behaviour of FI(N) is simulated by N we need to 
explicitly relate markings of FI(N) to those of N. This is in fact not so hard, as any reachable marking of 
FI(N) can be obtained from a reachable marking of N by moving some tokens into the newly introduced 
buffering places s t . To establish this formally, we define a function which transforms implementation 
markings into the related original markings, by shifting these tokens back. 

Definition 3.2 Let N = (S, O, 0, F, M ) be a plain net and let FI(N) = (5 U S T , O, U', F' , M ). 
: S U S T — > S is the function defined by 

. . , fs iff p = s t with s t G S T ,s G S,t G O 
t (p) := < 

I p otherwise (p G S) 
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Where necessary we extend functions to sets elementwise. So for any MCSU S T we have t*~(M) = 
{t*~(s) I s G Af} = (Af n S) U {s I s t G M}. In particular, r^(Af) = M when M C S. 

We now introduce a predicate a on the markings of FI{N) that holds for a marking iff it can be obtained 
from a reachable marking of N (which is also a marking of FI(N)) by firing some unobservable tran- 
sitions. Each of these unobservable transitions moves a token from a place s into a buffering place Sf. 
Later, we will show that a exactly characterises the reachable markings of FI(N). Furthermore, as every 
token can be moved only once, we can also give an upper bound on how many such movements can still 
take place. 

Definition 3.3 Let N = (S, O, 0, F, Af ) be a plain net and FI{N) = (5 U S T , O, U', F', Af ). 
The predicate a C IP (5 U S T ) is given by 

q(M) t*~(M) G [M )n A Vp,q G Af. T*~(p) = T*~(q) ^p = q. 

The function d : T(S U S T ) — >INU {oo} is given by d(M) := |Af n {s | s G 5, s* / 0}|, where 
we choose not to distinguish between different degrees of infinity. 

Note that a(M) implies [Af| = \t*~(M)\, and reachable markings of N are always finite (thanks to our 
definition of a plain net). Hence a(M) implies d(M) G IN. The following lemma confirms that our 
informal description of a matches its formal definition. 

Lemma 3.2 Let N and FI(N) be as above and M C S U S' r , with M finite. 
Then Vp, q G M. r*~(p) = r^{q) => p = q iff t*~{M) ^* fi{n) Af. 

Proof Given that t*~{M) C S 1 , "if" follows directly from the construction of FI(N). 

For "only if", assume Vp, q G Af . T*~(p) = T*~{q) p = q. Then t*~(M) [{t s \ s t G M}) FI{N) Af. □ 

Now we can describe how any net simulates the behaviour of its fully asynchronous implementation. 

Lemma 3.3 Let N and FI(N) be as above, G C O, a G O* and M, Af' CSUS T . 

1. a(M ). 

2. If q(M) A M -^ f/(jv) M' then r^(Af) r^(Af') A a(M'). 

3. If a(M) A Af -^ F / (iV ) Af' then d(M) > d(M') A r*-(M) = r^(Af') A a(Af'). 

4. If M =^7(jv) Af' then M ^ N r^(Af') A a(Af'). 

Proof O: Af G [Af ) w and Vs G Af C S. t^(s) = s. 

(®: Suppose a(M) and Af -^-> FI ( N ) M' with G C O. So r*~(Af) is a reachable marking of N. 

Let t £ G. Since £ is enabled in M, we have °£ C Af and hence r^(°£) C t*~(M). By construction, 
°£ = {st j s G *£} so t <_ (°£) = •£. Given that N is contact-free, it follows that £ is enabled in r*~(Af). 

Now let £, u G G with £ 7^ it. If s G *£ fl *u then G °£ and s u G °u, so st, s u G Af. However, 
T*~(s t ) = t < "(s„), contradicting a(Af). Hence 9 tn'u = 0. Given that 'tU'u Q r^(Af) and N is 
contact-free, it follows that also t* D it* = and hence £ and u are independent. 
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We will now show that t*~(M) \ \J *t U (J t* = r*~(M'). 
V teG J teG 

M' = (M\{s\se°t,teG})u{s\set°,te G} 

= (M \ {s t \ s G % t G G}) U {s | s G i", i G G} . 

Therefore r^(M') = r^(M \ {s t | s G % t G G}) U r^({s | s G f, t G G}). 

Take any t G G and any s G *t Then s t G M and a(M) implies s^MA$ue0.u^tAs u eM. 
Hence r^(M \ {s t | s G % t G G}) = r^(Af) \ {s | s G *t, t G G}. Thus we find 

r^(M') = t^{M) \ {s | s G 't, t G G} U {s | s G f, t G G} 
and conclude that t^(M) -^v t^(M'). 

Next we establish a(M'). To this end, we may assume that G is a singleton set, for G must be finite — this 
follows from our definition of a plain net — and when M[{toj £1, • • • > t n })M' for some n > then there 
are M 1 , M 2 , . . . , M n with M[{t })M 1 [{ti})M 2 ■ ■ ■ M n [{t n })M', allowing us to obtain the general case 
by induction. So let G = {t} with t G T. 

Above we have shown that r^(M') G [Mo)jv- We still need to prove that Vp, q G M'. p ^ q =4> 
t ^(p) 7^ t ^(q)- Assume the contrary, i.e. there are p, q G M' with p ^ q A T*~(p) = r^(q). Since 
a(M), at least one of p and q — say p — must not be present in M. Then p G t° = t* C 5. As r^(q) = 
t ^(p) = P an d 9 7^ P» it must be that g G 5 r . Hence q ^ i°, so g G M, and p = r^(q) G r*~(M). As 
shown above, i is enabled in r <_ (M). By the contact-freeness of AT, (r^~(M) \ *f) n t* = 0, so p G *t. 
Hence p t G °t C M. As by construction °tnt° = 0, we have p t M', so g 7^ p*. Yetr^(g) = T^(p t ), 
contradicting a(M). 

©: Let t a G J7' such that M[{t s }) F1{N) M' . Then, by construction of FI(N), °t s = {s} A t s ° = {s t }. 
Hence Af' = M\{s}U{s t } andd(M') = d(M)-lAr^(M') = r^(M). Moreover, a(M') <^ a(M). 

(@1): Using CE|-[3]>, this follows by a straightforward induction on the number of transitions in the derivation 

M =^ FI ( N) M'. □ 

It follows that a exactly characterises the reachable markings of FI(N). Using this it is not hard to check 
that implementations of contact-free nets are contact-free, and hence r-nets. 

Proposition 3.1 Let N and FI(N) be as before and M C S U S T . 

1. Me [M Q ) Fm ffia(M). 

2. FI(N) is contact-free. 

3. FI(N) is a r-net. 

Proof <0Q>: "Only if" follows from Lemma[33©, and "if" follows by Lemmas O and EH 
©: Let M G [M Q ) FI{N) . Then a(M), and hence r^(M) G [M )at. 

Consider any t G O with °t C M. Assume (M \ °t) n t° + 0. Since t° = f C 5 let p G 5 be such that 
p G M n i° and p ^ °t. As N is contact-free we have (t*~(M) \ *i) n t* = 0, so since p G r^(M) n i* 
it must be that p G *t. Hence pt e°t C M and we have p ^ pt yet r*~(p) =p = r^(p t ), violating a(M). 

Now consider any i p G U' with °t p C M. As °t p = {p} and t p ° = {p t } we have that (M\ t p )r\t p ^ 
only if p G M A pt G M. However, t"~(p) = p = r^(p t ) which would violate a(M). 

@: By construction, M is finite, °t 7^ 0, and °t and t° are finite for all t G O U fT 7 . □ 
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Figure 2: A net which is not failures equivalent to its fully asynchronous implementation 
By Lemma I33B31 implementations are always divergence free: 

Proposition 3.2 Let N be a plain net. Then FI(N) is divergence free. O 

Whereas in a plain net N for any sequence of observable transitions a G O* there is at most one marking 
M with Mo =>• M, in its fully asynchronous implementation FI(N) there can be several such markings. 
These markings M' differ from M in that some tokens may have wandered off into the added buffer 
places on the incoming arcs of visible transitions. As a consequence, a visible transition t that is enabled 
in M need not be enabled in M' — we say that in FI(N) t can be refused after a. This may occur for 
instance for the net N of Figure namely with a = e (the empty sequence), M the initial marking of 
N, M' the marking of FI(N) obtained by firing the rightmost invisible transition, and t = a. 

When this happens, we have <a, {t}> G J^(FI(N)) \ JP(N), so the nets N and FI(N) are not failures 
equivalent. The direction from implementation to original is nicer however as every transition enabled 
in the implementation must also have been enabled in the original net. Hence the only difference in 
behaviour between original and implementation can consist of additional failures in the implementation. 

Proposition 3.3 Let N and FI(N) be as before. Then &(N) C &(FI(N)). 

Proof Let <er, X> G &{N). Applying Lemma [2TT1 let M\ C S be the unique marking of ./V such that 

Mq ==^A r Mi. By Lemma O also M =^ FI ( N ) M\. So a (Mi). As Mi C S we have t^(M 1 ) = M 1 . 
By Proposition 13.21 there exists a marking M2 with Mi ==>fi(n) M2 A M2 ~^fi(N) ■ Lemma I3.3tl3l 
yields r^(M 2 ) = r^(Mi) A a(M 2 ). 

Suppose <a,X> ^(FI(N)). Then M 2 -^-/(iV) M 3 for some i 6 I and marking M 3 of FI(N). 
LemmaEMl) yields Mi = r^(Afi) = r*~(M 2 ) ^> t*~(M 3 ), which is a contradiction. □ 

If the wandering off of tokens into r-transitions never disables a transition that would be enabled other- 
wise, then there is no essential behavioural difference between N and FI(N), and they are equivalent in 
any reasonable behavioural equivalence that abstracts from silent transition firings. In that case, N could 
be called fully asynchronous. 

Definition 3.4 

The class of fully asynchronous nets respecting branching time equivalence is defined as 
FA(B) := {N I FI(N) N}. 

As for any plain net N we have J^(N) C &{FI{N)), the class of nets FA{B) can equivalently be defined 

as FA(B) := {N | &(FI{N)) C &(N)}. 
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It turns out that there exists a quite structural characterisation of those nets which are failures equivalent 
to their fully asynchronous implementation. 

Definition 3.5 Let N = (S, O, 0, F, M ) be a plain net 

N has a partially reachable conflict iff Eli, w G O. t ^ u A'tD'u ^ and EM G [Mo). *t C M. 

The nets N of Figures [2] and [3 for instance, have a partially reachable conflict. 

Theorem 3.1 A plain net N is in FA(B) iff N has no partially reachable conflict. 

Proof Let N = (S, O, 0, F, M ) and FI(N) = (S U S T , O, U', F' , M ). 

"=>": Assume A/" has a partially reachable conflict. Then there exist t,u£(D,t ^ u, a <EO* and Mi C 5 
such that M =^v Mi, *i n *u / and *t C Mi. By Lemma0we know that <a, {t}> ^(N). 

On the other hand, Mq ==>fi(n) Mi by Lemma |3~TI Let p G *i n *«. Then, by construction of FI(N), 
there exists an M 2 C S U S T with Mi[{« p })M 2 , p ^ M 2 and since i / u also p t £ M 2 . Now let 
M3 C 5 U 5 T such that M 2 —^fi(N) M A M ~ /—> F/(iV) (which exists according to Proposition I3.2I ). 
Since \/v G J7'. p ^ A (pt G ^* =^ p G *t> ) we know that p t ^ A/3. Thus M3 -/— > and there exists a 
failure pair <cr, {t}> G &(FI(N)). Hence &{FI(N)) / J^(JV), so JV £ FA(B). 

"<S=": Assume JV £ FA{B). Then &{F1{N)) / ^{N) and hence &(FI{N)) \ &{N) / by 
Proposition El Let <cr,X> G &{FI{N)) \ &(N). Then there exists an Mi C 5 U S T such that 

M =^fi( N ) Mi A Mi -Z* AVt G X. Mi By LemmaE?© we have M =^> N t*~{M{). 
Let i G X such that r^(Mi) -^>Ar (which exists, otherwise <a, X> G &{N)). Let pe'i such that 
Pt $ Mi (such p t exists, otherwise Mi -—*fi(n))- Since t*~(Mi) -^->n it follows that p G r*~(Mi). 
But p $l Mi, for otherwise Mi —*mN) i > which would be a contradiction. Hence there must exists some 
u G O with p u G Mi and it ^ i. By construction of FI(N) we have p G *u. Thus t,u G O A i 7^ u A 
*t n 'u / A r^(Mi) G [M )at A'tC r*~(Mi) and N has a partially reachable conflict. □ 

4 Symmetric Asynchrony 

For investigating the next interaction pattern, we change our notion of asynchronous implementation 
of a net. We only insert silent transitions wherever a transition has multiple preplaces. These are the 
situations where the synchronous removal of tokens is really essential. 

Definition 4.1 Let N = (S, O, 0, F, M ) be a net. Let O b = {t \ t G O, \*t\ > 1}. 

The symmetrically asynchronous implementation of N is defined as the net 
SI(N) := (S U S T , O, U', F', M ) with 

S T -.= {s t \te O b ,se •*} , 

U' := {t a \te O b ,se **} and 

F' := F n ((O x S) U (S x (O \ O 6 ))) 

u{(s,t s ),(t s ,s t ),(s t ,t) \ teO b ,se't}. 

An example is shown in Figured 
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N: 




SI{N): 



2 



a 




b 




a 



Figure 3: The transition a can be refused in SI(N) by firing the left r. 

Similar to Section |3l we use °x and x° when describing the flow relation of the implementation. 

As Definition 14.11 is only a slight variation of Definition 13.11 the lemmas and propositions about FI in 
Section [3] apply to SI as well, with minimal changes in the proofs. We will again begin with how the 
implementation can simulate the original net. 



Lemma 4.1 Let N = (S, O, 0, F, M ) be a plain net, G C O, a G O* and M 1 ,M 2 C S. 
1. If Mi ^ N M 2 then M 1 -^* si{n) -^si{n) M 2 . 



2. If Mi 



M 2 then Mi 



> SI(N) 



Mo. 



G 



Proof Let O b = {t \ t G O, \*t\ > 1}. Assume Mi ^ N M 2 . Then, by construction of SI (N), 

M x \{t s \teGnO b , se 't}) sm [{t\te G}) SI(N) M 2 . 
The rest of the proof is identical to the proof of Lemma |3~T1 



□ 



Also similar to the fully asynchronous case, we wish to undo the effect of firing extraneous r-transitions. 
The function doing so is the same defined earlier. We also reuse the predicate a and the distance 
function d. However, d{M) is no longer a strict upper bound, or exact measure, on the number of silent 
transitions that need to be fired from the marking M before no further silent transitions are possible. 
Optionally, strictness can be ensured by replacing it by the function e, defined by 

e(M) := |M n {s \ s G 5, 3t G sV \ m t\ > 1}| . 
Again a(M) implies d(M) G IN. 

Lemma 4.2 Let N and SI(N) be as above and M C S U S T , with M finite. 

Then Vp, g G M. r*"(p) = r*"(g) ^ p = q iff r^(M) -^s/(JV) Af. 
Proof This is Lemma I3T21 applied to SI(N) rather than FI(N). The proof is identical. □ 

Lemma 4.3 Let N and SI(N) be as above, G C O, a G O* and M, M' C 5 U 5' T . 

1. a(M ). 

2. If a(M) A M -^ S /(AT) M' then r^(M) r^(M') A a(M'). 

3. If a(M) A M -^ S /(A0 M ' then d(M) > d(M') A r^(M) = r^(M') A a(M'). 

4. If M =^ 5 / (JV ) M' then M r^(M') A a(M'). 
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Proof This is Lemma l331 applied to SI(N) rather than FI(N) ; the proofs of (Q]), © and (01) are identical. 

©: Suppose a(M) and M -^si(N) M' with G C O. So r^(M) is a reachable marking of N. 
For any t G O and s € •£ we set St := sj if |*i| > 1 and s t := s otherwise. 

Let t G G. Since i is enabled in M, we have °i C M and hence r^(°i) C r <_ (M). By construction, 
°t = {§ t | s G *t} so 7-*~(°i) = *£. Given that N is contact-free, it follows that t is enabled in t*~(M). 

Now let t,u G G with f 7^ u. If s G *t n *u then st G °t and s u G °u, so sj, s u G M. As f and « are 
independent in SI(N), we have s t 7^ s u . However, T*~(§t) = s = r*~(s u ), contradicting a(M). Hence 
•tn'u = 0. Given that 'tU'wC r*~(M) and iV is contact-free, it follows that also t* D «* = and 
hence £ and u are independent. 

We will now show that j r^(M) \ (J *i ] U (J f = t*~(M'). 
V teG / teG 

M' = {M\{s\se % teG})u{s\s£t°,teG} 
= {M\{s t \se't,teG})u{s\se f, teG}. 

Therefore t*~{M') = t^{M \{s t \ s G% t€ G}) U t^({s \ s€f,te G}). 

Take any t G G and any sG*t. Then s^GM, r <_ (s() = s and a(M) implies $p<EM. p ^ s t AT*~(p) = s. 
Hence r^(M \ {s t | s G % £ G G}) = t*~(M) \ {s \ s G % t G G}. Thus we find 

r^(M') = r^(M) \ {s | s G *t, £ G G} U {s | s G f, t G G} 
and conclude that t*~(M) -^n t*~(M'). 

That a(M') holds is established in exactly the same way as in the proof of Lemma I3"31 l2"l). noting that in 
deriving p t G °t C M we use p t G °£ C M and p ^ M. □ 

Proposition 4.1 Let JV and S/(iV) be as before and M QSli S T . 

1. MG [M ) 5/W iff a(M). 

2. SI(N) is contact-free. 

3. S/(iV) is a r-net. 

Proof Identical to the proof of Proposition 13. II using the lemmas of Section [4] □ 
Proposition 4.2 Let N be a plain net. Then SI(N) is divergence free. 

Proof This follows immediately from Lemma l4~3ll3"T ). □ 
Proposition 4.3 Let N and SI(N) be as before. Then J*(JV) C &{SI{N)). 

Proof Identical to that of Proposition [331 using the lemmas of Section [4] □ 

Again, the only difference in behaviour between the original net and its implementation is that observable 
transitions can potentially be refused in the implementation, as in Figure [3] This yields a concept of a 
symmetrically asynchronous net. 
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Definition 4.2 

The class of symmetrically asynchronous nets respecting branching time equivalence is defined as 
SA(B) := {N \ SI(N) N}. 

We now show that plain nets can be implemented symmetrically asynchronously with respect to failure 
equivalence exactly when they do not contain reachable structures of the form shown in Figure [3] 

Definition 4.3 

A plain net N = (S, O, 0, F, M ) has a partially reachable N iff 3t,u G O. t ^ u A't D'u ^ 
A \'u\ > 1 A 3M G [M ) N-'t Q M Vu Q M. 

Theorem 4.1 A plain net N is in SA(B) iff N has no partially reachable N. 

Proof Let N = (S, 0, 0, F, M ) and SI(N) = {S U S T , O, U', F', M ). 

"=^>": Assume N has a partially reachable N. Then there exist t, u G O, t ^ u, a G O* and Mi C S 1 such 
that M jv Mi, 'tn'u^ 0, fit | > 1 and *t C Mi V*«C Mi. We will show that 5/(JV) ^ JV. 

There are two cases: 

Case 1, 't C M : We will show that <cr, {t}> G &{SI{N)) but <cr, {t}> ,^(N). As A/ has no silent 
transitions, by Lemma 12.11 we have Mq =5>n M' only if M' = Mi . Since Mi -^>tv it follows that 

On the other hand, Mo ==>si{N) M\ by Lemma |4~T1 Let p G *i fl *u. Then, by construction of SI(N), 
there exists an M 2 C S U S T with Mi[{u p })M 2 , p £ M 2 and since i / it also p t £ M 2 . Now let 
M3 C 5US T such that M 2 —*si(N) -^3 ^ ^3 ~ ¥ ~ > 'si(N) (which exists according to Proposition 14.2b - 
Since Vi> G f/'. p £v* A (p t G v* => p G *«) we have p t ^ M 3 . Thus M 3 and <cr, {t}> G &(SI(N)). 

Case 2, *£ M: Then *u C M. Thus 3g G *t \ *u, so |*£| > 1. This case proceeds as case 1 with the 
roles of t and u exchanged. 

"<f=": Assume N £ SA{B). Then &(SI(N)) ^ J?(N) and hence ^(SI(N)) \ &?(N) ^ by Propo- 
sition 03] Let < cj,X > G &{SI{N)) \ &(N). Then there exists an Ml C SuS T such that 
M =^ S i{N) Mx,M x -^ and Vf G X. Mi By Lemma|4~3l4l) we have M =^> N r < "(Mi). 

Let t £ I such that t*~(Ml) -^at (which exists, otherwise <<r, X> G &{N)). Let p G *t such that 
Pt ^ Mi (such ap exists, otherwise Mi -^^si(N))- Since r^(Mi) -^>at it follows that p G t*~(Ml). 
Butp ^ Mi, for otherwise p / pt and Mi — *si(N)> which would be a contradiction. Hence there must 
exists some u G O with p u G Mi and it 7^ i. By construction of SI(N) we have p G *u and |*it| > 1. 
Thus t,ueO At ^ u A'tn'u ^ A \'u\ > 1 A r^(Mi) G [M )iv A *£ C r*~(Mi), so N has a 
partially reachable N. □ 

The following proposition shows that the current class of nets strictly extends the one from the previous 
section. 

Proposition 4.4 FA(B) C SA(B). 



Proof A net without partially reachable conflict surely has no partially reachable N. The inequality 
follows from the example in Figured] □ 
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N £ FC 
N £ EFC 
N e SA(B) 
N € BFC 



N i FC 
N £ EFC 
N i SA{B) 
N 6 BFC 



N £ FC 
N $ EFC 
N £ SA{B) 
N € BFC 



Figure 4: Differences between various classes of free-choice-like nets 
It turns out that our class of nets SA(B) is strongly related to the following established net classes (2j|3l- 

Definition 4.4 Let N = (S, O, 0, F, M ) be a plain net. 

1. N is free choice, N G FC, iff Vp, q G S. p ^ q Ap* n q' ^ \p'\ = \q*\ = 1. 

2. N is extended free choice, N G EFC, iff Vj>, q £ S. p' Pi q' ^ p' = q' . 

3. N is behaviourally free choice, N G BFC, iff Vn, u G O. 'u D *w ^ 
(VMi G [M ). 'tiCMi^'uC Mi). 

The above definition of a free choice net is in terms of places, but the notion can equivalently be defined 
in terms of transitions: 

N G FC iff Vt, uET.t^uA°tn'u^0=$- \*t\ = \'u\ = 1. 

Both conditions are equivalent to the requirement that N must be N-free, where N is defined as in 
Definition 14.31 but without the reachability clause. Also the notion of an extended free choice net can 
equivalently be defined in terms of transitions: 

N G EFC iff Vt,uGT. , tn'n/0^ , t = 'u. 

This condition says that may not contain what we call a pure N: places p, q and transitions t, u such 
thatp G *t l~l 'u, q G *u and q *t. 

In (3l it has been established that FC C EFC C RFC. In fact, the inclusions follow directly from the 
definitions, and Figure [4] displays counterexamples to strictness. 

The class of free choice nets is strictly smaller than the class of symmetrically asynchronous nets re- 
specting branching time equivalence, which in turn is strictly smaller than the class of behavioural free 
choice nets. The class of extended free choice nets and the class of symmetrically asynchronous nets 
respecting branching time equivalence are incomparable. 



Proposition 4.5 FC C SA(B) C BFC, EFC SA(B) and SA(B) g EFC. 

Proof The first inclusion follows because a partially reachable N is surely an N, and also the second in- 
clusion follows directly from the definitions. The four inequalities follow from the examples in Figure [4] 
The first net is unmarked and thus trivially in SA(B). The second ones symmetrically asynchronous 
implementation has the additional failure <e, {a, b}> and hence this net is not in SA(B). □ 
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FC 




EFC # SA(B) 




BFC 



Figure 5: Overview of free-choice-like net classes 

In Figure [5] the relations between our semantically defined net class SA(B), the structurally defined 
classes FC, EFC, and the more behaviourally defined class BFC are summarised. These relations may 
be interpreted as follows. 

Starting at the top of the diagram, free choice nets are characterised structurally, enforcing that for ev- 
ery place, a token therein can choose freely (i.e. without inquiring about the existence of tokens in any 
other places) which outgoing arc to take. This property makes it possible to implement the system asyn- 
chronously. In particular, the component which holds the information represented by a token can choose 
arbitrarily when and into which of multiple asynchronous output channels to forward said information, 
without further knowledge about the rest of the system. As this decision is solely in the discretion of the 
sending component and not based upon any knowledge of the rest of the system, no synchronisation with 
other components is necessary. 

The difference between SA(B) and FC is that in SA(B) the quantification over the places is dropped, 
making the requirement more straightforward: Every token can choose freely which outgoing arc to 
follow. Thus, SA(B) allows for non-free-choice structures as long as these never receive any tokens. 

This also explains why BFC includes SA(B). Since SA(B) guarantees that all transitions of a problem- 
atic structure are never enabled, transitions in such structures are never enabled while others are disabled. 

The incomparability between the left and the right side of the diagram stems from the conceptual al- 
lowance of slight transformations of the net before evaluating whether it is free choice or not. Extended 
free choice nets and behavioural free choice nets were proposed as nets that are easily seen to be be- 
haviourally equivalent to free choice nets, and hence share some of their desirable properties: in J2j [3) 
constructions can be found to turn any extended free choice net into an equivalent free choice net, and 
any behavioural free choice net into an extended free choice netQ Applied on the last two nets in Figure 0] 
these constructions yield: 




Figure 6: Transformed nets from Figure H] 



16 



Symmetric and Asymmetric Asynchronous Interaction 




6 




a 




b 




a 




T 






\ 



Figure 7: Transformation to asymmetric asynchrony; g such thatp < b s < b q. 



For the second net of Figure 01 a r-transition is introduced, which collects both tokens and then marks 
a single postplace from which the two original transitions are enabled. Hence the choice between the 
two transitions is centralised in the newly introduced place and thus free again. In the definition of 
our symmetrically asynchronous implementation SI, we do not allow any insertion of such "helping" 
T-transitions, as it seems unclear to us how much computing power should be allowed in possibly larger 
networks of such transitions. This becomes especially problematic if these networks somehow track 
part of the global status of the net inside themselves and thus make quite informed decisions about what 
outgoing transition to enable. 



5 Asymmetric Asynchrony 

As seen in the previous section, the class of symmetrically asynchronous nets is quite small. It precludes 
the implementation of many real-world behaviours, like waiting for one of multiple inputs to become 
readable, a Petri net representation of which will always include non free-choice structures. 

Therefore we propose a less strict definition of asynchrony such that actions may depend synchronously 
on a single predetermined condition. In a hardware implementation the places which earlier could always 
forward a token into some silent transitions must now wait until they receive an explicit token removal 
signal from their posttransitions. 

To this end we introduce a static priority over the preplaces of each transition. Every transition first 
removes the token from the most prioritised preplace and then continues along decreasing priority. To 
formalise this behaviour in a Petri net we insert a silent transition for each incoming arc of every transi- 
tion. These silent transitions are forced to execute in sequence by newly introduced buffer places between 
them. In the final position of this chain, the original visible transition is executed. An example of this 
transformation is given in Figure |7] 

1 In (2] |3) the nature of the equivalence between the original and transformed net is not precisely specified. However, it 
can be argued that whereas the transformation from FFC-nets to FC-nets preserves branching time as well as causality, the 
transformation from BFC-nets to FFC-nets preserves branching time only: the third net of Figure|4]is interleaving bisimulation 
equivalent with its FFC-counterpart in Figure [6] but whereas the original net can perform the transitions a and c concurrently 
(in one step), the transformed net cannot. 
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Definition 5.1 Let N = (S, 0, 0, F, M ) be a plain net. 

Let g C (S x O) x (S 1 x O) be a relation on F n (S x O) such that for each t G O we have that 
5 (~l (*£ x {i}) is a total order on *t x {t}. Let <* be the total order on *t given by p <* s iff 

((p,t),(s,t)) eg. 

We write min* for the <^ -minimal element of *t and (s — 1)* for the next place in *t that is 
<* -smaller than s. 

We define a set of silent transitions as X := {t s | t G O, s G •<}. 
Let /i : X -> X U O be the function 



/i(* s ) 



iff s = min* 
otherwise 



The asymmetrically asynchronous implementation with respect to g of N is defined as the net 
AI g := (S U S T , O, U', F', M ) with 



5 T 
17' 



{s t | t G O, s e't, s / min* } , 



= \ O = {t s | i G O, s G *i, s ^ min* } and 

= F n (O x S) 

U | t G O, s G *t} 

U{(t s ,s t ) \t e O, s E*t, s ^= min* } 

U {(s t , k(tp)) | t G O, s G *t, s / min* , p = (s - 1)* } . 

As before, we are interested in the relationship between nets and their possible implementations. The def- 
inition of asymmetric asynchrony however allows different implementations for the same net. We show 
that the lemmas and propositions from the previous sections carry over for all possible implementations. 
As in the earlier sections, we start by showing how the implementation simulates the original. 



Lemma 5.1 Let N = (S, O, 0, F, M ) be a plain net, G C O, a G O* , M 1 , M 2 C S and g as above. 

1. If Mi M 2 then M 1 ^* AIg{N) -^Ai g (N) M 2 . 

2. If Mi =^> N M 2 then M x =^Ai g (N) M 2 . 



Proof Let AI g (N) = (S U S T , O, U' , F', M ). Assume Mi -^ N M 2 . Then, due to the restrictions 
on g, there exists a sequence of pairwise disjoint nonempty sets G\, G 2 , . . . , G n C [/' such that Vt G G, 
s G *t, s / min* 3«, 1 < i < n. i s G and Vt p G G«, t q G Gj, i < j. (t,p) >* By the 

construction of AI g (N) then 

M l [Gl)AI g (N) [G2)AI g (N) ■ ■ ■ [Gn)AI g (N) [G) A I g (N) M 2 . 

All non-final steps of that execution can be split into a sequence of singletons. 

The second statement follows by a straightforward induction on the length of a. □ 

As for the symmetrical case, we wish to push back all tokens on S T in a marking to their roots in S. This 
time, however, multiple silent transitions need to be undone. 



Definition 5.2 Let N = (S, O, 0, F, M ) be a plain net and let AI g (N) = {S U S T , O, U' , F', M ). 
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: 3>(S U S T ) -» 1(5) is the function defined by 

r^(M) := (M n 5) U {s | 3t G O. s G 't A 3p 4 G M n S T . p <* s} . 

Given a reachable marking M of the implementation, will produce a reachable marking of the orig- 
inal net, which by Lemma [57T1 is also a reachable marking of the implementation, from which M could 
have arisen by firing some of the added unobservable transitions. Note that r <s= (°t) = *t for any t G O. 
The application of is only meaningful for markings where no two elements of S T have originated 
from the same transition. However, implementations of contact-free nets produce only reachable mark- 
ings which fulfil this condition, as we will show below. 

We now give the invariant predicate 7 that characterises the markings of an implementation that can be 
obtained from a reachable marking of the original net by firing some unobservable transitions. 

Definition 5.3 Let N = (S, O, 0, F, M ) be a plain net and AI g (N) = {SUS T 7 7 U' , F', Af ). 
The predicate 7 C T(S U S T ) is given by 

7(M) :^ t^(M) £[M ) N A\fp,q e M.T^({p})riT^({q}) ^ => p = q . 
Note that j(M) implies f(M) G IN. 

Lemma 5.2 Let N and AI g (N) be as above and M C S U S T , with M finite. 

ThenVp,gGM. r^({p}) n r^({q}) ^ => p = g iff r^(M) -U^ M. 

Proof Given that r <s= (M) C S 1 , "if" follows directly from the construction of AI g (N). 
For "only if", assume Vp, g G M. r"^(p) n r^(g) / p = g. Let G\ := {t s \ s t G M} and 
Gj+i := {t p I 3^ G Gi. q = (p — 1)*} for i > 1. The assumption guarantees that all Gi are disjoint. 
Since M is finite, and *t is finite for all ieO, there must be an n > such that Gi = iff i > n. Now 

r^(M) [G n ) A[g{N) [G n _i) A/sW • • • [Gi> A / 9(JV ) M. □ 

Lemma 5.3 Let iV and A/ fl (iV) be as above, G C O, a G O* and M, M'C5U5 T . 

1. 7 (Mo). 

2. If 7 (M) A M ^a/ 9 (jv) M' then r^(M) r^(M') A y(M'). 

3. If 7(M) AM -—^Ai g (N) M'thend(M) > d(M') A t^(M) = r^(M') A 7(M'). 

4. If M =^iz a (jv) Af' then M =^> N r^(M') A 7(M'). 

Proof ©: M G [M )jv and Vs G M C 5. r^({s}) = {s}. 

©: Suppose j(M) and M -^»AJ a M' with G C O. So r^(M) is a reachable marking of iV. 

Let t £ G. Since i is enabled in M, we have °t C M and hence r" 4= (°t) C r' 4= (M). By construction, 
T^(°t) = *t. Given that N is contact-free it follows that t is enabled in t^(M). 

Now let t,u G G with t ^ u. If s G *t n *u then s G r^(°t) n t^(°-u) but since t, u G G, °t n °u = 
and °i U °!i C M, contradicting 7(M). Hence *t n "u = 0. Given that 'tll'uC. r^(M) and JV is 
contact-free, it follows that also t* H u* = and hence t and u are independent. 
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We will now show that r^(Af) \ \J m t U \J tf = t^(M'). 

\ teG J teG 

By DefinitionlUlwe have f AO = \J seM t^({s}) for any Af C SUS T . Moreover, when Af satisfies 
7(M) this union is disjoint. In that case, for any set Y C Af we have r <s= (M \ Y) = r^(M) \ t^(Y). 

Af = (Af \ {s | s G °i, t G G}) U {s | s G t°, t G G} . 

Therefore 

r^(M') = (r^(Af) \ r^({s | s G % t G G})) U r^({s | s G t°, t G G}) 
= (r^(Af) \ {s | s G t G G}) U {s | s G f, t G G} . 

Next we establish j(M'). As in the proof of Lemma |3~31 l2l we may assume that G is a singleton set {t}. 
Above we have shown that r^(M') G [Af ) n- We still need to prove that r"^({p}) n r^({q}) / =^> 
p = q for all p, q G M'. Assume the contrary, i.e. there are p, q G M' with ^({p}) n t^({q}) 7^ but 
p / q. Since 7(M), at least one of p and g — say p — must not be present in Af . Then p G t° = t* C 5. 
As r"^({g}) n r"^({p}) / 0, r^({p}) = {p} and q ^ p it must be that g G 5 T . Hence q g t°, so 
q G M, and p G t"^ ({<?}) C r^Af ). As shown above, t is enabled in r' 4= (M). By the contact-freeness 
of N, (r^(M) \ *i) D i* = 0, so p G *t. Since p £ M, there exists a place G (°t n 5 T ) C Af 
with p G T^({r t }). By construction, f n S T = 0, so we have r t Af', hence q ^ r t . However, 
p G T^({g}) n T^({r t }), contradicting j(M). 

©: Let t s G U' such that M[{i s }} A/g(A r)M'. Then °t s n 5 = {s} and s* / 0. As t s °nS = 0, no 
element of t s ° contributes to d(M') and hence d(M') = d(M) - 1. 

If °t s C S then r <s= (Af / ) = r*=((M \ °t,) U i s °) = t*=((M \ {s}) U {sj) = r^(Af). Otherwise let 
p £ S such that p^ G °t a . Thenr^(Af') = r^((M\%) Ui s °) = r^((M\{s,p t }) U{s t }) = r^(Af). 

Moreover, t(M') <=> 7(Af). 

((U): As in Lemma 1331 □ 

Proposition 5.1 Let N and AI g (N) be as before and Af C 5 U 5 T . 

1. MG[M ) A/ff(iV) iff7(M). 

2. AI g (N) is contact-free. 

3. Alg(N) is a r-net. 

Proof £T|): Identical to the proof of Proposition |3JJQ~K using the lemmas of Section[5] 

©: Let M G [M )a/ 9 (jv). Then 7(M), and hence r^(Af) G [Af )jv. 

Consider any t G O with °t C M. Assume (Af \ °t) n t° / 0. Since i° = f* C 5 let p G 5 be such that 
p G M n t° and p °t. As iV is contact-free we have (r^(Af ) \ *i) n f = 0, so since p G r^(Af) n f 
it must be that p G *i. Hence, using that p °t there must be an s t G °t C Af with s <* p, and hence 
p G T^dst}). We have p ^ s t yet p G t <s= ({p}), violating 7(Af ). 

Now consider any t p G U' with °t p C Af. As p G °t p and t p ° = {p t } we have that (Af \ °t p ) C\t p ° ^ 
only if p G Af Apt £ Af . However, T^({p}) = {p} C r^dpt}) which would violate 7(Af ). 

©I Identical to the proof of Proposition |3jj3]). □ 



Proposition 5.2 Let N be a plain net and g as before. Then AI g (N) is divergence free. 
Proof This follows immediately from Lemma I53H31 . 



□ 
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Proposition 5.3 Let N and AI g (N) as before. Then &{N) C 3?(AI g (N)). 

Proof Identical to that of Proposition [33J using the lemmas of Section [5] □ 

We define a net to be asymmetrically asynchronous if any of the possible implementations simulates the 
net sufficiently. 

Definition 5.4 

The class of asymmetrically asynchronous nets respecting branching time equivalence is defined 
nsAA(B) := {N | 3g.AI g (N) «jr N}. 

As before, we would like to obtain a semi-structural characterisation of AA(B) in the spirit of Theo- 
rems [3j] and [4j] Unfortunately we didn't succeed in this, but we obtained structural upper and lower 
bounds for this net class. 

Definition 5.5 

A net N = (S, O, 0, F, Mq) has a left and right reachable M iff 3t, u,v G O 3p G *t n 'u 
3qe'uD*v. t^uAu^vAp^qA 3M 1 ,M 2 G [M ). *t U 'u C M x A *v U *u C M 2 . 

A net A" = (S 1 , O, 0, F, Mo) /las a Ze/f and right border reachable M iff 3t, u, v G O 3p G *t fl *u 
3q£'un*v. t^uAu^v Ap^qA 3M 1 ,M 2 G [Mq). *t C Mi A'dC M 2 . 

Theorem 5.1 

A plain net A^ in AA(B) has no left and right reachable M. 

Proof Let N = (S, O, 0, F, Mq). Assume N has a left and right reachable M. Then there exist 
t,u,v G O and p,q G S such that p G *i n *«, q^*un'v,t^u, u^v,p^q and there are reachable 
markings Mi,M% G [M ) such that 'tU'uC Mi and 'dU'uC M 2 . We will show thatA/ g (A r ) 56 jr A", 
regardless of the choice of 5. 

The problematic transition will be u. Either p >^ q or q >g p. Due to symmetry we can assume 
the former without loss of generality. So p ^ min^. We know that there is some a G O* such that 
Mq ==^ > A r Mi A *t C Mi. By Lemma0it follows that <cr, {t}> G" <^(N). 

By Lemma ED also Mq =>Ai g (N) M\. Letpo> • • • iPn € 5 such that {s G | p <^ s} = {pq, . . . ,p n } 
with Pq = p and pi-\ = (pi — l) g for 2 < i < n. Since *u C Mi there thus exists an M{ with 
M i[{u Pn })Ai g (N)[{u Pn -i})Ai g (N) ■ ■ ■ [{u P0 }}ai 9 (N)M[. Note that p u G M[. By Propositions E2 there 
exists an M" with M[ -^->* AI ( N ) M'{ A M" -£->Al g (N)> and Proposition OH]) yields j(M"). 

From the construction of AI g (N), using that p u G M[, it follows that 3s G *u. s <^ p A s u G Mf. 
Moreover, p G r <;= ({s. [1 )}. We also have p G *t = T^(°t), so 3r G °f. p G ^({r}). As j(M"), we 
have r g Mf, and thus °t ^ Mf. Therefore <cr, {t}> G &(AI g (N)). Hence A" is not in AA{B). □ 

Theorem 5.2 

A plain net N which has no left and right border reachable M is in AA(B). 
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N£AA{B) NeAA(B) 



Figure 8: Nets which have a left and right border reachable M, but no left and right reachable M 

Proof Let N = (S, O, 0, F, Mo). Given a transition uGO, we say that a u-conflict occurs in apreplace 
p G 'u when 3t £p*. t ^ u A (3M a G [M )jv- 't C Mi)). 

Assume has no left and right border reachable M. This means that every u G O has at most one 
preplace where an -u-conflict occurs. Now choose g C (5 x O) x (5 x O) such that for all it G O, min^ 
is that single place, if it exists. Let AI g (N) = (S U S T , O, f7', F', M ). 

We prove that J?(N) = &{AI g (N)). From Proposition [53] we already have that &{N) C ^{AI g (N)). 
Therefore consider a failure pair <er, X> G &{AI g (N)). We need to show that <cr, X> G &{N). 

There exists some Mi C S U 5 r with M =^ A i g (N) Mi A Mi AVt G X. Mi 4^. By Lemma[53] 
M =^ N r^(Mi). Now take any t G X. Assume t^(Mi) Then °t Mi but *t C r^(Mi). 

By construction of we have \/p G *t. p G Mi V 3u G O. p G *u A 3s M G Mi n S" 1 ". s <^ p. 
Now suppose we had \/p E't. p G Mi V 3s t G Mi n S T . s <* p. Then °t C Mi, using Mi i 
Hence 3p G *t 3u G O. u^iApG'uA 3s u G M x n S" 7 ". s <^ p. 

But then iGp'Ai/uA r^(Mi) G [M )at A'i C t^(Mi), so a u-conflict occurs in p G *u. Yet 
3s <g p. s u G 5 T implies that s ^ xuin g and hence p ^ min^, by the construction of AI g (N). This 
however contradicts our construction for g given above. Hence t^(M\) -^n- Applying this argument 
for alii G X yields <a, X> G &{N) and thereby &(AI g (N)) C J^(N). Thus X G AA(£). □ 

Figure [8] shows two nets, each with a left and right border reachable M but no left and right reachable M, 
that thus fall in the grey area between our structural upper and lower bounds for the class AA(B). In this 
case the first net falls outside AA{B), whereas the second net falls inside. The crucial difference between 
these two examples is the information available to u about the execution of y. 

There exists an implementation for the right net, namely by u taking the tokens from r, q and s in that 
order. The first token (from r) conveys the information that y was executed, and thus t is not enabled. 
Collecting the last token (from s) could fail, due to v removing it earlier. Even so, removing the tokens 
from r and q did not disable any transition that could fire in the original net. In the left net such an 
implementation will not work. 

The following proposition says that our class of symmetrically asynchronous nets strictly extends the 
corresponding class of asymmetrically asynchronous nets. 



Proposition 5.4 SA(B) C AA{B). 
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Figure 9: N G A4(5), N £ ESPL 

Proof A net which has no partially reachable N also has no left or right border reachable M. The 
inequality follows from the example in Figure [3j □ 

As before, our class AA(B) is related to some known net classes |[3l . 

Definition 5.6 Let N = (S, O, 0, F, M ) be a plain net. 

1. N is simple, N G SPI, iff Vp, q € S. p ^ q A p° H q m ^ => \p' \ = 1 V \q* \ = 1. 

2. N is extended simple, N G PSPL, iff Vp, g G 5. p* n ^ => p* C g* V q" C p* . 

Extended simple nets appear in |2] under the name asymmetric choice systems. Note that simple is 
equivalent to M-free, where M is as in Definition 15 .5 1 but without the reachability clauses. Clearly, we 
have FC C SPL C £#P£ and PFC C ESPL, whereas PFC ^ 5PL and SPL <£ EFC: the inclusions 
follow immediately from the definitions, and the first two nets of Figure |4] provide counterexamples to 
the inequalities. 

The class of asymmetrically asynchronous nets respecting branching time equivalence strictly extends 
the class of simple nets, whereas it is incomparable with the class of extended simple nets. 

Proposition 5.5 SPL C AA(B), AA(B) £ ESPL and ESPL £ AA(B). 

Proof The inclusion is straightforward, and the inequalities follow from the counterexamples in Fig- 
ure [4] (the second one) and Figure [9] The missing tokens in the latter example are intended. As no action 
is possible there will not be any additional implementation failures. □ 

The relations between the classes SPL, ESPL and AA(B) are summarised in Figure [TO] Similarly to 
what we did in SectionlH we now try to translate Figure [10] into an intuitive description. 

The basic intuition behind SPL is that for every transition there is only one preplace where conflict 
can possibly occur. Whereas in SPL that possibility is determined by the static net structure, in AA(B) 
reachability is also considered. 

Similar to the difference between FC and EFC there exists a difference between ESPL and SPL which 
originates from the fact that ESPL allows small transformations to a net before testing whether it lies in 
SPL. Again our class AA(B) does not allow such "helping" transformations. 



SPL 

/ \ 

/ \ 

ESPL — #— AA(B) 



Figure 10: Overview of asymmetric-choice-like net classes 
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6 Conclusion and Related Work 

We have investigated the effect of different types of asynchronous interaction, using Petri nets as our 
system model. We propose three different interaction patterns: fully asynchronous, symmetrically asyn- 
chronous and asymmetrically asynchronous. An asynchronous implementation of a net is then obtained 
by inserting silent (unobservable) transitions according to the respective pattern. The pattern for asym- 
metric asynchrony is parametric in the sense that the actual asynchronous implementation of a net de- 
pends on a chosen priority function on the input places of a transition. For each of these cases, we 
investigated for which types of nets the asynchronous implementation of a net changes its behaviour 
with respect to failures equivalence (in the case of asymmetric asynchrony, the 'best' priority function 
may be used). It turns out that we obtain a hierarchy of Petri net classes, where each class contains 
those nets which do not change their behaviour when transformed into the asynchronous version accord- 
ing to one of the interaction patterns. This is not surprising because later constructions allow a more 
fine-grained control over the interactions than earlier ones. 

We did not consider connections from transitions to their postplaces as relevant to determine asynchrony 
and distributability. This is because we only discussed contact-free nets, where no synchronisation by 
postplaces is necessary. In the spirit of Definition 13.11 we could insert r-transitions on any or all arcs 
from transitions to their postplaces, and the resulting net would always be equivalent to the original. 

Although we compare the behaviour of a net and its asynchronous implementations in terms of fail- 
ures equivalence, we believe that the very same classes of nets are obtained when using any other rea- 
sonable behavioural equivalence that respects branching time to some degree and abstracts from silent 
transitions — no matter if this is an interleaving equivalence, or one that respects causality. We would 
get larger classes of nets, for example for the case of full asynchrony including the net of Figure |2j if 
we merely required a net N and its implementation to be equivalent under a suitably chosen linear time 
equivalence. This option is investigated in |[T8l . 

The central results of the paper give semi-structural characterisations of our semantically defined classes 
of nets. Moreover, we relate these classes to well-known and well-understood structurally defined classes 
of nets, like free choice nets, extended free choice nets and simple nets. 

To illustrate the potential interpretation of our results in other models of distributed systems, we give an 
example. 

Message sequence charts (MSCs), also contained in UML 2.0 under the name sequence diagrams, are 
a model for specifying interactions between components (instances) of a system. A simple kind are 
basic message sequence charts (BMSCs) as defined in lTT2l . where choices are not allowed. A Petri 
net semantics of BMCSs with asynchronous communication and a unique sending and receiving event 
for each message will yield Petri nets with unbranched places (see for instance [9]). Hence in this case 
the resulting Petri nets are conflict-free and therefore fully asynchronously implementable according to 
Theorem l3.ll 

However in extended versions of MSCs, e.g. in UML 2.0 or in live sequence charts (LSCs, see ifTOl ). 
inline expressions allow to describe choices between possible behaviours in MSCs. Consider for example 
the MSC given in Figure \TT\ and a naive Petri net representation. The instances i 1 and i2 can either 
communicate or execute their local actions. Obviously, this requires some mechanism in order to make 
sure that the choice is performed in a coherent way (see e.g. [7J for a discussion of this type of problem). 
In the Petri net representation, we find a reachable N, hence with Theorem 14. II the net does not belong 
to the class SA(B) of symmetrically asynchronously implementable nets. However, the net is M-free, 
and thus does belong to the class AA(B) of asymmetrically asynchronously implementable nets. By 
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Figure 11: An MSC and a potential implementation as Petri net, which has an N. 



giving priority to the collection of the message token (choosing the appropriate function g in our notion 
of implementation), it can be assured that instance i2 does not make the wrong choice and gets stuck 
(however it is still not clear whether the message will actually be consumed). 

The obvious question is whether the naive Petri net interpretation we have given is conform with the 
intended semantics of the a^-construct (according to the informal UML semantics the alternatives always 
have to be executed completely; in LSCs it is specified explicitly whether messages are assured to arrive). 
However, on basis of a maybe more elaborate Petri nets semantics, it could be discussed what types of 
MSCs can be used to describe physically distributed systems, in particular which type of construct for 
choices is reasonable in this case. 

Another model of reactive systems where we can transfer our results to are process algebras. When 
giving Petri net semantics to process algebras, it is an interesting question to investigate which classes 
of nets in our classification are obtained for certain types of operators or restricted languages, and to 
compare the results with results on language hierarchies (as summarised below). 

We now give an overview on related work. A more extensive discussion is contained in |[T8l . We start by 
commenting on related work in Petri net theory. 

The structural net classes we compare our constructions to were all taken from 0, where Eike Best 
and Mike Shields introduce various transformations between free choice nets, simple nets and extended 
variants thereof. They use "essential equivalence" to compare the behaviour of different nets, which they 
only give informally. This equivalence is insensitive to divergence, which is also relied upon in their 
transformations. As observed in Footnote [H it also does not preserve concurrency. They continue to 
show conditions under which liveness can be guaranteed for some of the classes. 

In HI, Wil van der Aalst, Ekkart Kindler and Jorg Desel introduce two extensions to extended simple 
nets, by allowing self-loops to ignore the discipline imposed by the ESP L-requirement. This however 
assumes a kind of "atomicity" of self-loops, which we did not allow in this paper. In particular we do not 
implicitly assume that a transition will not change the state of a place it is connected to by a self-loop, 
since in case of deadlock, the temporary removal of a token from such a place might not be temporary 
indeed. 

In lfT7 ll Wolfgang Reisig introduces a class of systems which communicate using buffers and where the 
relative speeds of different components are guaranteed to be irrelevant. The resulting nets are simple 
nets. He then proceeds introducing a decision procedure for the problem whether a marking exists which 
makes the complete system live. 

The most similar work to our approach we have found is lfTTTl . where Richard Hopkins introduces the 
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concept of distributable Petri Nets. These are defined in terms of locality functions, which assign to 
every transition t a set of possible machines or locations L(t) on which t may be executed, subject to 
the restriction that a set of transitions with a common preplace must share a common machine. A plain 
net N is distributable iff for every locality function L that can be imposed on it, it has a "distributed 
implementation", a T-net N' with the same set of visible transitions, in which each transition is assigned 
a specific location, subject to three restrictions: 

• the location of a visible transition t is chosen from L(t), 

• transitions with a common preplace must have the same location 

• and there exists a weak bisimulation between N and N', such that all T-transitions involved in 
simulating a transition t from N reside on one of the locations L(t). 

The last clause enforces both a behavioural correspondence between N and N' and a structural one 
(through the requirement on locations). Thus, as in our work, the implementation is a r-net that is 
required to be behaviourally equivalent to the original net. However, whereas we enforce particular 
implementations of an original net, Hopkins allows implementations which are quite elaborate and make 
informed decisions based upon global knowledge of the net. Consequently, his class of distributable nets 
is larger than our asynchronous net classes. As Hopkins notes, due to his use of interleaving semantics, 
his distributed implementations do not always display the same concurrent behaviour as the original nets, 
namely they add concurrency in some cases. This does not happen in our asynchronous implementations. 

Another branch of related work is in the context of distributed algorithms. In Luc Bouge considers 
the problem of implementing symmetric leader election in the sublanguages of CSP obtained by either 
allowing all guards, only input guards or no communication guards at all in guarded choice. He finds that 
the possibility of implementing it depends heavily on the structure of the communication graphs, while 
truly symmetric schemes are only possible in CSP with input and output guards. 

Quite a number of papers consider the question of synchronous versus asynchronous interaction in the 
realm of process algebras and the 7r-calculus. In [4] Frank de Boer and Catuscia Palamidessi consider 
various dialects of CSP with differing degrees of asynchrony. In particular, they consider CSP with- 
out output guards and CSP without any communication based guards. They also consider explicitly 
asynchronous variants of CSP where output actions cannot block, i.e. asynchronous sending is assumed. 
Similar work is done for the 7r-calculus in lfl6l by Catuscia Palamidessi, in [ 15] by Uwe Nestmann and 
in |E1 by Dianele Gorla. A rich hierarchy of asynchronous 7r-calculi has been mapped out in these pa- 
pers. Again mixed-choice, i.e. the ability to combine input and output guards in a single choice, plays a 
central role in the implementation of truly synchronous behaviour. It would be interesting to explore the 
possible connections between these languages and our net classes. 

In Q30 , Peter Selinger considers labelled transition systems whose visible actions are partitioned into 
input and output actions. He defines asynchronous implementations of such a system by composing it 
with in- and output queues, and then characterises the systems that are behaviourally equivalent to their 
asynchronous implementations. The main difference with our approach is that we focus on asynchrony 
within a system, whereas Selinger focusses on the asynchronous nature of the communications of a 
system with the outside world. 

Finally, there are approaches on hardware design where asynchronous interaction is an intriguing feature 
due to performance issues. For this, see the papers [ 13] and [14] by Leslie Lamport. In lfl4l he considers 
arbitration in hardware and outlines various arbitration-free "wait/signal" registers. He notes that nonde- 
terminism is thought to require arbitration, but no proof is known. He concludes that only marked graphs 
can be implemented using these registers. Lamport then introduces "Or- Waiting", i.e. waiting for any of 
two signals, but has no model available to characterise the resulting processes. The used communication 
primitives bear a striking similarity to our symmetrically asynchronous nets. 
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